Getting Data In

Discussions

Thread Info

Does Splunk support two-way SSL between the Universal Forwarder TCP port and external application?

Does Splunk's Universal Forwarder supports SSL for TCP inputs (i.e It is receiving data from external application)? D...

by Contributor in

How to edit my configurations to encode French special characters (é à ê è)?

Hi, I am importing data from Gitlab to Splunk. The data imported are in French and contains special characters lik...

by New Member in

After installing universal forwarders, why am I getting error "you currently don't have any forwarders installed" for Add Data in Splunk Web?

Hi all; I'm installing a universal forwarder on my Linux and Windows machines. After that, I'm starting to get the...

by Path Finder in

fill an occasional Null field with the current time

I have a search outputting results which includes a field for 'closedtime'. On occasion however this field will be bl...

by Path Finder in

Configure timestamp based only on Month and Year

Hello, I have a problem to configure the timestamp on one of my source CSV file. In this file, I have a column...

by Explorer in

How to edit props.conf and transforms.conf on a heavy forwarder to keep specific events and discard the rest

props.conf [firewall] TRANSFORMS-set = setnull,setparsing transforms.conf [setnull] REGEX = . DEST_KEY = qu...

by Path Finder in

Deploying SPLUNK for Active Directory Auditing

I am very new to SPLUNK, If some one could help me on 2 issues I am having with Deploying Splunk for Active Directory...

by Explorer in

How to send Cisco ASA Firewall logs to syslog-ng server and push it out to the indexer with universal forwarder

Hi Guys, I've been trying to send Cisco ASA firewall logs to syslog-ng server where the forwarder is installed bu...

by Explorer in

How to monitor a log file on UNIX where file name has date and PID which which are not static all the time.?

Hi Team, My file name looks like below: SASMeta_MetadataServer_2017-04-21_auq4066l_9175164.log <-----constant--...

by New Member in

Why is the event timestamp and the timestamp within my results different depending on the search?

My event timestamp and timestamp within my results are not same while i am searching in Splunk Web but some scenarios...

by Builder in

Can data being sent from a Universal Forwarder be filtered at the indexer level for only certain events?

We have a Universal Forwarder that is sending a huge amount of data. We need to only index events that contain any of...

by Path Finder in

Is it possible to automatically run iplocation on a client ip for a given sourcetype?

I want to run iplocation client_ip for a given sourcetype automatically. For example if i run I dont want to run the...

by Path Finder in

Index /var/log even though Splunk doesn't run on root

Hello Splunkers, So our Splunk Enterprise runs on a non-root user and our requirement is to forward /var/log/secur...

by Builder in

How to get data from host to heavy forwarder to indexer?

I have an indexer, search head, heavy forwarder and license master server configured. I also have a test server (host...

by New Member in

Search Archived Buckets in Hadoop

I'm working on pushing out Hadoop data roll for archived data to our index cluster. The buckets are rolling as expect...

by Communicator in

How to automatically extract key value pairs after using translatefix

I have used translatefix to decode the fix messages logs and it worked fine. But Splunk is not able to automatically ...

by Path Finder in

Should I use a heavy forwarder or an indexer cluster for my particular scenario?

Hi, I'm hoping for some advice as I'm trying to understand the best way to configure Splunk components in the sce...

by Path Finder in

Convert DateTime format befor indexing and write in _time. Time of event have hex format.

Hello everybody! I have trouble with parsing time of event in time indexing.Fields of time in my raw event have hex s...

by Explorer in

Can I use Splunk 6.5 to monitor Windows 7 hosts?

Can I use Splunk 6.5 to monitor Windows 7 hosts? My indexer is on Server 2012 so I know I can install 6.4.5 I just ne...

by Engager in

How to create a custom field to match a particular string?

I have an interesting use case, where I have a list of strings that I search for within our proxy logs to identify pr...

by Explorer in

how to filter and forward to multiple destination

Hello, I tried this configuration but it ended up badly, there were no more log on Splunk: [pan:log] TRANSFORMS...

by Path Finder in

Is there a way to change collection interval for HTTP Event Collector?

I am using HTTP Event Collector to collect Symantec ATP logs, my current ingest rate varies based on log size. It is ...

by New Member in

How to filter or blacklist all event type/level "information" on Splunk 6.5.0?

I would like to filter/blacklist all event type/level "information" on Splunk 6.5.0, i am using wmi to collect logs f...

by New Member in

How can I index SNMP traps on Windows with Splunk?

I would like my Juniper and Cisco network devices to send snmp traps to Splunk indexer running on Win2008. Anyone ...

by Splunk Employee in

Getting SNMP Data into Splunk

Hey everyone, I am trying to figure out the most efficient way to get polled SNMP data into splunk. Strangely while t...

by Builder in

Get Updates on the Splunk Community!

Getting Data In

Discussions

Does Splunk support two-way SSL between the Universal Forwarder TCP port and external application?

How to edit my configurations to encode French special characters (é à ê è)?

After installing universal forwarders, why am I getting error "you currently don't have any forwarders installed" for Add Data in Splunk Web?

fill an occasional Null field with the current time

Configure timestamp based only on Month and Year

How to edit props.conf and transforms.conf on a heavy forwarder to keep specific events and discard the rest

Deploying SPLUNK for Active Directory Auditing

How to send Cisco ASA Firewall logs to syslog-ng server and push it out to the indexer with universal forwarder

How to monitor a log file on UNIX where file name has date and PID which which are not static all the time.?

Why is the event timestamp and the timestamp within my results different depending on the search?

Can data being sent from a Universal Forwarder be filtered at the indexer level for only certain events?

Is it possible to automatically run iplocation on a client ip for a given sourcetype?

Index /var/log even though Splunk doesn't run on root

How to get data from host to heavy forwarder to indexer?

Search Archived Buckets in Hadoop

How to automatically extract key value pairs after using translatefix

Should I use a heavy forwarder or an indexer cluster for my particular scenario?

Convert DateTime format befor indexing and write in _time. Time of event have hex format.

Can I use Splunk 6.5 to monitor Windows 7 hosts?

How to create a custom field to match a particular string?

how to filter and forward to multiple destination

Is there a way to change collection interval for HTTP Event Collector?

How to filter or blacklist all event type/level "information" on Splunk 6.5.0?

How can I index SNMP traps on Windows with Splunk?

Getting SNMP Data into Splunk

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Parsing Multimetric Logs

uberAgent

.NET Application Runtime Metrics Not Showing in Sp...

Streamfwd drops IPFIX data with “no template recei...

Splunk Observability Cloud/SignalFx - Related Cont...

Getting Data In

Are you a member of the Splunk Community?

Discussions